SecuriTeam Secure Disclosure

SecuriTeam Secure Disclosure (SSD) is a vulnerability disclosure program established in 2007 by Beyond Security.

SSD provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers, for researchers, and will give you the fast response and great support you need to make top dollar for your discoveries. We are looking to acquire zero-day vulnerabilities, in different stages of research, affecting major operating systems, software and devices, and to report them to the vendors and to our clients. We believe researchers need to get paid for their efforts. That is why we (Beyond Security) will acquire your research (money guaranteed) and report the vulnerabilities for you.

Q&A

How critical the vulnerability is. For example, if you find an unauthenticated arbitrary code execution vulnerability, you would be paid substantially more than if you find a Cross-Site Scripting vulnerability.

What if I want to stay anonymous?

Fine by us! A lot of our researchers choose to stay anonymous.

What is your policy regarding privacy and confidentiality of researcher's information?

We take the privacy of researchers very seriously and do not disclose to any third party (including to customers) any personal information about researchers such as names, aliases, email addresses, bank details, or any other personal or confidential information.

Which payment methods are available?

We support various payment methods: wire transfer, PayPal (up to $2000), Bitcoin, gift cards, etc.

What is the difference between SSD and Bug Bounties or other programs?

Money:

We are willing to pay more than bug bounty programs.

If a vendor doesn't have a bug bounty program, we will still acquire the vulnerability and report it to the vendor / our clients.

We believe researchers need to get paid for their effort and we are willing to offer higher rewards for researchers. We give researchers another option: "Sell us your vulnerabilities and not to the black market."

As part of our vulnerability disclosure program we established a closed community where we invest a lot of resources to support the researchers who work with us. We believe in long-term investment: if we provide the tools, education and knowledge to our researchers, they will find more vulnerabilities, advanced attack vectors and innovative ways to exploit them.

We sponsor researchers' workshops, courses, software licenses, various hardware and conferences, flights, entry tickets, accommodation and more! We are always looking for new researchers to be part of our community. That's why we are promoting our “Refer a friend” program. We offer $4000 to researchers who refer us to a new security researcher who starts to work with us.

As part of our way to support the international community, we sponsor security conferences around the world, from Black Hat USA to community conferences such as DefCamp Romania. We publish the vulnerability's technical information in our blog (blogs.securiteam.com), on Twitter (@SecuriTeam_SSD) and in vendor advisories. We are also proud to give lectures and hold hacking competitions at international security conferences.

In 2016 we sponsored (our community researchers attended each conference):